Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: secp256k1 fromSeedPhrase now supported #645

Merged
merged 9 commits into from
Nov 7, 2022

Conversation

krpeacock
Copy link
Contributor

Description

For some time, people have requested support for re-using a consistent identity across their stack, either for testing purposes or CI. This code has been available, but was not included in agent-js. For convenience, this method is now supported

Affects #622

How Has This Been Tested?

Unit testing

Checklist:

  • My changes follow the guidelines in CONTRIBUTING.md.
  • The title of this PR complies with Conventional Commits.
  • I have edited the CHANGELOG accordingly.
  • I have made corresponding changes to the documentation.

@krpeacock krpeacock requested a review from a team as a code owner October 11, 2022 18:46
@krpeacock
Copy link
Contributor Author

Pending security review

Copy link
Contributor

@robin-kunzler robin-kunzler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@krpeacock : Thanks a lot for adding this! As requested I reviewed the security warnings and they look good to me, thanks. Also, given those warnings it seems OK to me to provide this additional features.

Just out of curiosity: Do you know what use cases people want to solve with this?

FYI Internet Identity also has code that creates a Ed25519KeyIdentity from a seed phrase. See here.


This identity can be generated using the bip39 curve from a seed phrase, to produce a consistent identity across `dfx` and `agent-js`. In this package, import `Secp256k1KeyIdentity` and call `fromSeed`, passing in your seed. You can import the same seed in `dfx` by writing it to a file, and running `dfx identity import --seed-file <filename>`.

Depending on the security of what this identity controls, this should not be used carelessly. Even copy/pasting a phrase can be a risk, and you should make your best efforts to discourage your users from storing seed phrases digitally or using them in browser contexts that may be at risk of cross-site scripting.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the warning, thanks for adding it!

packages/identity/src/identity/secp256k1.ts Outdated Show resolved Hide resolved
@krpeacock krpeacock merged commit 26a97bd into main Nov 7, 2022
@krpeacock krpeacock deleted the kyle/seed-phrase-secp256k1 branch November 7, 2022 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants